Educators

If you're an educator, you want to learn how best to teach students about developing secure software in today's security-challenged world. We have many resources to help you do just that. Ask yourself the following key questions and read on.

Read our FAQ to learn more about the CERT Division; watch videos and see other artifacts that summarize our latest research. If you have questions, please feel free to contact us.

Have You Studied Our Latest Curricula?

Our Cybersecurity Engineering researchers address security and survivability throughout the software development and acquisition lifecycles.

Software Assurance for Executives
These materials provide executives and managers with a better understanding of software assurance challenges, development and acquisition assurance, mission assurance, the Microsoft Security Push and the Microsoft Secure Development Lifecycle, threat modeling, and assurance issues in cloud computing, as well as sustainment, governance, and standards in support of software assurance.

Master of Software Assurance Curriculum
The Master of Software Assurance Reference Curriculum is the first curriculum ever to be developed that focuses on assuring the functionality, dependability, and security of software and systems.

Insider Threat

Insider Threat Research
Much of our insider threat research draws on a database of hundreds of real insider threat cases collected from news media, industry reports, and other public sources. Once segmented and coded, the data drives anonymized, custom studies of many aspects of the insider threat problem.

Incident Management

CSIRT Development
These products and services are available to the global CSIRT community.

National CSIRT Support
The CERT Division recognizes the unique issues facing national computer security incident response teams (CSIRTs) and provides information and resources that help provide mechanisms for cooperation and collaboration among the organizations that fill this role around the globe.

Incorporate Our Curricula and Materials into Your Program

Software Assurance Curriculum
The Master of Software Assurance Reference Curriculum is the first curriculum ever to be developed that focuses on assuring the functionality, dependability, and security of software and systems.

Software Assurance for Executives
Our course materials give executives and managers a better understanding of software assurance challenges, development and acquisition assurance, mission assurance, the Microsoft Security Push and the Microsoft Secure Development Lifecycle, threat modeling, and assurance issues in cloud computing, as well as sustainment, governance, and standards in support of software assurance.

Software Assurance Competency Model
This model is a foundation for assessing and advancing the capability of software assurance professionals. It is designed to help organizations and individuals determine software assurance competency across a range of knowledge areas and units.

Lecture Materials and Artifacts
Lecture materials and artifacts in the following categories are available for use in a software assurance program or track: SQUARE, Secure Programming, Secure Software Management, Software Security Engineering, Case Studies, and Static Analysis for Software Quality.

Secure Coding

Secure Coding Standards Research
Our researchers coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

DidFail
The DidFail tool uses static analysis to detect potential leaks of sensitive information within a set of Android apps.

Rosecheckers Tool
The CERT Division's Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding Standard.

Integer Security Tool
Our researchers are working on a number of solutions for addressing the issue of integer security, including the "as-if infinitely ranged" (AIR) prototype.

Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Secure Coding in Java
This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation.

Ask Us to Help You

Have your students use our tools (e.g., DidFail) to learn about and discover software vulnerabilities that result from insecure coding. Contact us if you have questions about how to use DidFail or any of the other Secure Coding tools.

Contact us if you would like your students to work with us to develop secure coding rules and guidelines for Android, iOS, or Windows 8 smartphone applications.

If you would like your students to develop static analyzers that check code for compliance with the CERT secure coding rules and guidelines, contact us. We sometimes have opportunities for Master's thesis projects.